[Snyk] Upgrade @apollo/client from 3.4.16 to 3.8.1 #266

Merged
merged 1 commit into from
Sep 6, 2023

Loonz206 (Owner) commented Sep 2, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @apollo/client from 3.4.16 to 3.8.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 126 versions ahead of your current version.
  • The recommended version was released 23 days ago, on 2023-08-10.

The recommended version fixes:

| Issue | PriorityScore (*) | Exploit Maturity |
| --- | --- | --- |
| Sandbox Bypass (SNYK-JS-WEBPACK-3358798) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Prototype Pollution (SNYK-JS-LOADERUTILS-3043105) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Prototype Pollution (SNYK-JS-LOADERUTILS-3043105) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Prototype Pollution (SNYK-JS-MONGOOSE-2961688) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Prototype Pollution (SNYK-JS-MONGOOSE-5777721) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Prototype Poisoning (SNYK-JS-QS-3153490) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Remote Code Execution (RCE) (SNYK-JS-SHELLQUOTE-1766506) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Denial of Service (DoS) (SNYK-JS-TRIMNEWLINES-1298042) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Information Exposure (SNYK-JS-NANOID-2332193) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Session Fixation (SNYK-JS-PASSPORT-2840631) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-CONVENTIONALCOMMITSPARSER-1766960) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-TRIMOFFNEWLINES-1296850) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2332181) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Open Redirect (SNYK-JS-GOT-2932019) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-HTTPCACHESEMANTICS-3248783) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-LOADERUTILS-3042992) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-LOADERUTILS-3105943) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-LOADERUTILS-3042992) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-LOADERUTILS-3105943) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-MINIMATCH-3050818) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-TERSER-2806366) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Regular Expression Denial of Service (ReDoS) (SNYK-JS-WORDWRAP-3149973) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |
| Information Exposure (SNYK-JS-FOLLOWREDIRECTS-2396346) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | No Known Exploit |
| Prototype Pollution (SNYK-JS-MINIMIST-2429795) | 736/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 8.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @apollo/client
  • 3.8.1 - 2023-08-10

    Patch Changes

    • #11141 c469b1616 Thanks @ jerelmiller! - Remove newly exported response iterator helpers that caused problems on some installs where @types/node was not available.

      IMPORTANT

      The following exports were added in version 3.8.0 that are removed with this patch.

      • isAsyncIterableIterator
      • isBlob
      • isNodeReadableStream
      • isNodeResponse
      • isReadableStream
      • isStreamableBlob
  • 3.8.0 - 2023-08-07
  • 3.8.0-rc.2 - 2023-08-01

    3.8.0-rc.2

    Minor Changes

    • #11112 b4aefcfe9 Thanks @ jerelmiller! - Adds support for a skipToken sentinel that can be used as options in useSuspenseQuery and useBackgroundQuery to skip execution of a query. This works identically to the skip option but is more type-safe and as such, becomes the recommended way to skip query execution. As such, the skip option has been deprecated in favor of skipToken.

      We are considering the removal of the skip option from useSuspenseQuery and useBackgroundQuery in the next major. We are releasing with it now to make migration from useQuery easier and make skipToken more discoverable.

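      import { skipToken, useSuspenseQuery } from "@apollo/client";

      // `id` is supplied elsewhere (props, route params) and may be undefined.
      declare const id: number | undefined;

      // When `id` is missing, skipToken skips execution of the query.
      const { data } = useSuspenseQuery(
        query,
        id ? { variables: { id } } : skipToken
      );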

      Breaking change

      Previously useBackgroundQuery would always return a queryRef whenever query execution was skipped. This behavior has been updated to return a queryRef only when query execution is enabled. If initializing the hook with it skipped, queryRef is now returned as undefined.

      To migrate, conditionally render the component that accepts the queryRef as props.

      Before

      function Parent() {
        const [queryRef] = useBackgroundQuery(query, skip ? skipToken : undefined);
        //      ^? QueryReference<TData | undefined>

        return <Child queryRef={queryRef} />;
      }

      function Child({
        queryRef,
      }: {
        queryRef: QueryReference<TData | undefined>;
      }) {
        const { data } = useReadQuery(queryRef);
      }

      After

      function Parent() {
        const [queryRef] = useBackgroundQuery(query, skip ? skipToken : undefined);
        //      ^? QueryReference<TData> | undefined

        return queryRef ? <Child queryRef={queryRef} /> : null;
      }

      function Child({ queryRef }: { queryRef: QueryReference<TData> }) {
        const { data } = useReadQuery(queryRef);
      }

    Patch Changes

    • #11086 0264fee06 Thanks @ jerelmiller! - Fix an issue where a call to refetch, fetchMore, or changing skip to false that returned a result deeply equal to data in the cache would get stuck in a pending state and never resolve.

    • #11115 78739e3ef Thanks @ phryneas! - Enforce export type for all type-level exports.

    • #11103 e3d611daf Thanks @ caylahamann! - Fixes a bug in useMutation so that onError is called when an error is returned from the request with errorPolicy set to 'all' .

    • #11083 f766e8305 Thanks @ phryneas! - Adjust the rerender timing of useQuery to more closely align with useFragment. This means that cache updates delivered to both hooks should trigger renders at relatively the same time. Previously, the useFragment might rerender much faster leading to some confusion.

    • #11082 0f1cde3a2 Thanks @ phryneas! - Restore Apollo Client 3.7 getApolloContext behaviour

  • 3.8.0-rc.1 - 2023-07-17

    3.8.0-rc.1

    Patch Changes

    • #11071 4473e925a Thanks @ jerelmiller! - #10509 introduced some helpers for determining the type of operation for a GraphQL query. This imported the OperationTypeNode from graphql-js which is not available in GraphQL 14. To maintain compatibility with graphql-js v14, this has been reverted to use plain strings.
  • 3.8.0-rc.0 - 2023-07-13

    3.8.0-rc.0

    Minor Changes

    • #11058 89bf33c42 Thanks @ phryneas! - (Batch)HttpLink: Propagate AbortErrors to the user when a user-provided signal is passed to the link. Previously, these links would swallow all AbortErrors, potentially causing queries and mutations to never resolve. As a result of this change, users are now expected to handle AbortErrors when passing in a user-provided signal.

    • #11040 125ef5b2a Thanks @ phryneas! - HttpLink/BatchHttpLink: Abort the AbortController signal more granularly.
      Before this change, when HttpLink/BatchHttpLink created an AbortController
      internally, the signal would always be .aborted after the request was completed. This could cause issues with Sentry Session Replay and Next.js App Router Cache invalidations, which just replayed the fetch with the same options - including the cancelled AbortSignal.

      With this change, the AbortController will only be .abort()ed by outside events,
      not as a consequence of the request completing.

    Patch Changes

    • #11053 c0ca70720 Thanks @ phryneas! - Add SuspenseCache as a lazy hidden property on ApolloClient.
      This means that SuspenseCache is now an implementation detail of Apollo Client
      and you no longer need to manually instantiate it and no longer need to pass it
      into ApolloProvider.
      Trying to instantiate a SuspenseCache instance in your code will now throw an
      error.

      Migration:

      -import { SuspenseCache } from '@ apollo/client';

      -const suspenseCache = new SuspenseCache();

      -<ApolloProvider client={client} suspenseCache={suspenseCache} />;
      +<ApolloProvider client={client} />;

  • 3.8.0-beta.7 - 2023-07-10

    3.8.0-beta.7

    Minor Changes

    • #10994 2ebbd3abb Thanks @ phryneas! - Add .js file extensions to imports in src and dist/*/.d.ts

    • #11045 9c1d4a104 Thanks @ jerelmiller! - When changing variables back to a previously used set of variables, do not automatically cache the result as part of the query reference. Instead, dispose of the query reference so that the InMemoryCache can determine the cached behavior. This means that fetch policies that would guarantee a network request are now honored when switching back to previously used variables.

    • #10915 3a62d8228 Thanks @ phryneas! - Changes how development-only code is bundled in the library to more reliably enable consuming bundlers to reduce production bundle sizes while keeping compatibility with non-node environments.

    Patch Changes

    • #11026 b8d405eee Thanks @ phryneas! - Store React.Context instance mapped by React.createContext instance, not React.version.
      Using React.version can cause problems with preact, as multiple versions of preact will all identify themselves as React 17.0.2.

    • #11000 1d43ab616 Thanks @ phryneas! - Use import * as React everywhere. This prevents an error when importing @apollo/client in a React Server component. (see #10974)

    • #11035 a3ab7456d Thanks @ jerelmiller! - Incrementally re-render deferred queries after calling refetch or setting skip to false to match the behavior of the initial fetch. Previously, the hook would not re-render until the entire result had finished loading in these cases.

  • 3.8.0-beta.6 - 2023-07-05

    3.8.0-beta.6

    Patch Changes

    • #11027 e47cfd04e Thanks @ phryneas! - Prevents the DevTool installation warning from being turned into a documentation link.

    • #11013 5ed2cfdaf Thanks @ alessbell! - Make private fields inFlightLinkObservables and fetchCancelFns protected in QueryManager in order to make types available in @apollo/experimental-nextjs-app-support package when extending the ApolloClient class.

    • #11032 6a4da900a Thanks @ jerelmiller! - Throw errors in useSuspenseQuery for errors returned in incremental chunks when errorPolicy is none. This provides a more consistent behavior of the errorPolicy in the hook.

      Potentially breaking change

      Previously, if you issued a query with @defer and relied on errorPolicy: 'none' to set the error property returned from useSuspenseQuery when the error was returned in an incremental chunk, this error is now thrown. Switch the errorPolicy to all to avoid throwing the error and instead return it in the error property.

    • #11025 6092b6edf Thanks @ jerelmiller! - useSuspenseQuery and useBackgroundQuery will now properly apply changes to its options between renders.

  • 3.8.0-beta.5 - 2023-06-28
  • 3.8.0-beta.4 - 2023-06-20
  • 3.8.0-beta.3 - 2023-06-15
  • 3.8.0-beta.2 - 2023-06-07
  • 3.8.0-beta.1 - 2023-05-31
  • 3.8.0-beta.0 - 2023-05-26
  • 3.8.0-alpha.15 - 2023-05-17
  • 3.8.0-alpha.14 - 2023-05-16
  • 3.8.0-alpha.13 - 2023-05-03
  • 3.8.0-alpha.12 - 2023-04-13
  • 3.8.0-alpha.11 - 2023-03-28
  • 3.8.0-alpha.10 - 2023-03-17
  • 3.8.0-alpha.9 - 2023-03-15
  • 3.8.0-alpha.8 - 2023-03-02
  • 3.8.0-alpha.7 - 2023-02-15
  • 3.8.0-alpha.6 - 2023-02-07
  • 3.8.0-alpha.5 - 2023-01-19
  • 3.8.0-alpha.4 - 2023-01-13
  • 3.8.0-alpha.3 - 2023-01-03
  • 3.8.0-alpha.2 - 2022-12-21
  • 3.8.0-alpha.1 - 2022-12-21
  • 3.8.0-alpha.0 - 2022-12-09
  • 3.7.17 - 2023-07-05

    Patch Changes

    • #10631 b93388d75 Thanks @ phryneas! - ObservableQuery.getCurrentResult: skip the cache if the running query should not access the cache
  • 3.7.16 - 2023-06-20
  • 3.7.15 - 2023-05-26
  • 3.7.14 - 2023-05-03
  • 3.7.13 - 2023-04-27
  • 3.7.12 - 2023-04-12
  • 3.7.11 - 2023-03-31
  • 3.7.10 - 2023-03-02
  • 3.7.9 - 2023-02-17
  • 3.7.8 - 2023-02-15
  • 3.7.7 - 2023-02-03
  • 3.7.6 - 2023-01-31
  • 3.7.5 - 2023-01-24
  • 3.7.4 - 2023-01-13
  • 3.7.3 - 2022-12-15
  • 3.7.2 - 2022-12-06
  • 3.7.1 - 2022-10-20
  • 3.7.0 - 2022-09-30
  • 3.7.0-rc.0 - 2022-09-21
  • 3.7.0-beta.8 - 2022-09-21
  • 3.7.0-beta.7 - 2022-09-08
  • 3.7.0-beta.6 - 2022-06-27
  • 3.7.0-beta.5 - 2022-06-10
  • 3.7.0-beta.4 - 2022-06-10
  • 3.7.0-beta.3 - 2022-06-07
  • 3.7.0-beta.2 - 2022-06-07
  • 3.7.0-beta.1 - 2022-05-26
  • 3.7.0-beta.0 - 2022-05-25
  • 3.7.0-alpha.6 - 2022-05-19
  • 3.7.0-alpha.5 - 2022-05-16
  • 3.7.0-alpha.4 - 2022-05-13
  • 3.7.0-alpha.3 - 2022-05-09
  • 3.7.0-alpha.2 - 2022-05-03
  • 3.7.0-alpha.1 - 2022-05-03
  • 3.7.0-alpha.0 - 2022-04-27
  • 3.6.10 - 2022-09-29
  • 3.6.9 - 2022-06-21
  • 3.6.8 - 2022-06-10
  • 3.6.7 - 2022-06-10
  • 3.6.6 - 2022-05-26
  • 3.6.5 - 2022-05-23
  • 3.6.4 - 2022-05-16
  • 3.6.3 - 2022-05-05
  • 3.6.2 - 2022-05-03
  • 3.6.1 - 2022-04-28
  • 3.6.0 - 2022-04-26
  • 3.6.0-rc.1 - 2022-04-19
  • 3.6.0-rc.0 - 2022-04-18
  • 3.6.0-beta.13 - 2022-04-14
  • 3.6.0-beta.12 - 2022-04-11
  • 3.6.0-beta.11 - 2022-04-05
  • 3.6.0-beta.10 - 2022-03-29
  • 3.6.0-beta.9 - 2022-03-10
  • 3.6.0-beta.8 - 2022-03-10
  • 3.6.0-beta.7 - 2022-03-10
  • 3.6.0-beta.6 - 2022-02-15
  • 3.6.0-beta.5 - 2022-02-04
  • 3.6.0-beta.4 - 2022-02-03
  • 3.6.0-beta.3 - 2021-11-23
  • 3.6.0-beta.2 - 2021-11-22
  • 3.6.0-beta.1 - 2021-11-16
  • 3.6.0-beta.0 - 2021-11-16
  • 3.5.10 - 2022-02-24
  • 3.5.9 - 2022-02-15
  • 3.5.8 - 2022-01-24
  • 3.5.7 - 2022-01-10
  • 3.5.6 - 2021-12-07
  • 3.5.5 - 2021-11-23
  • 3.5.4 - 2021-11-19
  • 3.5.3 - 2021-11-17
  • 3.5.2 - 2021-11-10
  • 3.5.1 - 2021-11-09
  • 3.5.0 - 2021-11-08
  • 3.5.0-rc.3 - 2021-11-03
  • 3.5.0-rc.2 - 2021-10-22
  • 3.5.0-rc.1 - 2021-10-04
  • 3.5.0-rc.0 - 2021-10-04
  • 3.5.0-beta.18 - 2021-10-01
  • 3.5.0-beta.17 - 2021-09-27
  • 3.5.0-beta.16 - 2021-09-20
  • 3.5.0-beta.15 - 2021-09-17
  • 3.5.0-beta.14 - 2021-09-17
  • 3.5.0-beta.13 - 2021-09-13
  • 3.5.0-beta.12 - 2021-09-10
  • 3.5.0-beta.11 - 2021-08-30
  • 3.5.0-beta.10 - 2021-08-30
  • 3.5.0-beta.9 - 2021-08-26
  • 3.5.0-beta.8 - 2021-08-24
  • 3.5.0-beta.7 - 2021-08-23
  • 3.5.0-beta.6 - 2021-08-18
  • 3.5.0-beta.5 - 2021-08-09
  • 3.5.0-beta.4 - 2021-08-04
  • 3.5.0-beta.3 - 2021-08-03
  • 3.5.0-beta.2 - 2021-08-02
  • 3.5.0-beta.1 - 2021-07-29
  • 3.5.0-beta.0 - 2021-07-28
  • 3.4.17 - 2021-11-08
  • 3.4.16 - 2021-10-04
from @apollo/client GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

sonarcloud bot commented Sep 2, 2023

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 0 Code Smells (rating A)
  • No Coverage information
  • 0.0% Duplication

@Loonz206 Loonz206 merged commit c373a01 into main Sep 6, 2023
4 checks passed